MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a55a560802bea130e690d55e0ea059bd8eb1657ae2cdfdafaf6e3413413fa2d6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 10

Intelligence 10 IOCs YARA 1 File information Comments

SHA256 hash:	a55a560802bea130e690d55e0ea059bd8eb1657ae2cdfdafaf6e3413413fa2d6
SHA3-384 hash:	cdac65ac0d903059f226ae502adef3951db1261141feb0747ffd2d8a2a98256cef30d59be16350b4a62bd92fe1325b7c
SHA1 hash:	8050ad8b832b85bff0eb4863268a3d61e423b1c5
MD5 hash:	9b1cab2706f394b0dc6d1f8897213833
humanhash:	mirror-quiet-high-vermont
File name:	Result.chm
Download:	download sample
File size:	11'936 bytes
First seen:	2026-05-14 16:28:08 UTC
Last seen:	Never
File type:
MIME type:	application/vnd.ms-htmlhelp
ssdeep	96:70FevPSb/2QpYATcYD9YXJbTcCEPuoKnlVxKidQfP4DvV:7tipYVgaXJbTcLmoIlnL6X
TLSH	T1FB325E30F6108239CE56A5B53FC5F9CD90159EA1FDB4C286502BB95E27F130D16544E5
TrID	81.0% (.CHI) Windows HELP Index (17144/6) 18.9% (.CHM) Windows HELP File (4000/1)
Magika	chm
Reporter	smica83
Tags:	chm

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

No detections

Detection(s):

TwinWave.EvilDoc.PkillCHMSlick.20220815.UNOFFICIAL

Verdict:

Malicious

Score:

96.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6a05f82e46d6967b3d9054ef

Tags:

obfuscate phishing xtreme virus

Result

Verdict:

Malicious

File Type:

CHM File - Malicious

Link:

https://app.docguard.net/a55a560802bea130e690d55e0ea059bd8eb1657ae2cdfdafaf6e3413413fa2d6/results/dashboard

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

obfuscated powershell

Link:

https://www.filescan.io/uploads/6a05f82a2fcb905ec2982c9b/reports/8b75f88d-5d84-4f7b-8980-73807c90a8e2/overview

Verdict:

Suspicious

Labled as:

CHM/ABDownloader.VMY

Link:

https://www.hybrid-analysis.com/sample/a55a560802bea130e690d55e0ea059bd8eb1657ae2cdfdafaf6e3413413fa2d6

Verdict:

Malicious

File Type:

chm

First seen:

2026-05-14T13:41:00Z UTC

Last seen:

2026-05-15T01:07:00Z UTC

Hits:

~10

Detections:

Trojan.Multi.Agent.sb Trojan.JS.SAgent.sb Trojan-Downloader.Win32.PsDownload.sb HEUR:Trojan.Script.Generic PDM:Exploit.Win32.Generic HEUR:Trojan.Script.SAgent.gen

Link:

https://opentip.kaspersky.com/a55a560802bea130e690d55e0ea059bd8eb1657ae2cdfdafaf6e3413413fa2d6/results?tab=lookup

Score:

Verdict:

Benign

File Type:

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	CHM_File_Executes_JS_Via_PowerShell Create hunting rule
Author:	daniyyell
Description:	Detects a Microsoft Compiled HTML Help (CHM) file that executes embedded JavaScript to launch a messagebox via PowerShell

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample